OCaml 5.0.0 rebuild: Fix Pervasives deprecation
[arch-packages.git] / shadow / trunk / 0002-Adapt-login.defs-for-PAM-and-util-linux.patch
blob05ac6eb7f2324264f8929f607b3f73a8d519121d
1 From e5cd1303ef4dab4e25ad01d4795b80a32cafa469 Mon Sep 17 00:00:00 2001
2 From: David Runge <dvzrv@archlinux.org>
3 Date: Mon, 31 Oct 2022 09:45:13 +0100
4 Subject: [PATCH 2/4] Adapt login.defs for PAM and util-linux
6 etc/login.defs:
7 Remove unused login.defs options, that are either irrelevant due to the
8 use of PAM or because the util-linux version of a binary does not
9 support them.
10 Modify all options that are ignored when using PAM, but are supported by
11 util-linux.
13 Removed options because they are part of PAMDEFS (options in PAMDEFS are
14 options silently ignored by shadow when built with PAM enabled):
15 * CHFN_AUTH
16 * CRACKLIB_DICTPATH
17 * ENV_HZ
18 * ENVIRON_FILE
19 * ENV_TZ
20 * FAILLOG_ENAB
21 * FTMP_FILE
22 * ISSUE_FILE
23 * LASTLOG_ENAB
24 * LOGIN_STRING
25 * MAIL_CHECK_ENAB
26 * NOLOGINS_FILE
27 * OBSCURE_CHECKS_ENAB
28 * PASS_ALWAYS_WARN
29 * PASS_CHANGE_TRIES
30 * PASS_MAX_LEN
31 * PASS_MIN_LEN
32 * PORTTIME_CHECKS_ENAB
33 * QUOTAS_ENAB
34 * SU_WHEEL_ONLY
35 * SYSLOG_SU_ENAB
36 * ULIMIT
38 Removed options because they are not availablbe with PAM enabled:
39 * CONSOLE_GROUPS
40 * CONSOLE
41 * MD5_CRYPT_ENAB
42 * PREVENT_NO_AUTH
44 Removed options because they are not supported by login from util-linux:
45 * ERASECHAR
46 * KILLCHAR
47 * LOG_OK_LOGINS
48 * TTYTYPE_FILE
50 Removed options because they are not supported by su from util-linux:
51 * SULOG_FILE
52 * SU_NAME
54 Adapted options because they are in PAMDEFS but are supported by login
55 from util-linux:
56 * MOTD_FILE
58 man/login.defs.5.xml:
59 Remove unavailable options from man 5 login.defs.
60 ---
61 etc/login.defs | 212 +------------------------------------------
62 man/login.defs.5.xml | 150 +-----------------------------
63 2 files changed, 8 insertions(+), 354 deletions(-)
65 diff --git a/etc/login.defs b/etc/login.defs
66 index 114dbcd9..7c633a57 100644
67 --- a/etc/login.defs
68 +++ b/etc/login.defs
69 @@ -3,6 +3,8 @@
71 # $Id$
73 +# NOTE: This file is adapted for the use on Arch Linux!
74 +# Unsupported options due to the use of util-linux or PAM are removed.
77 # Delay in seconds before being allowed another attempt after a login failure
78 @@ -11,26 +13,11 @@
80 FAIL_DELAY 3
83 -# Enable logging and display of /var/log/faillog login(1) failure info.
85 -FAILLOG_ENAB yes
88 # Enable display of unknown usernames when login(1) failures are recorded.
90 LOG_UNKFAIL_ENAB no
93 -# Enable logging of successful logins
95 -LOG_OK_LOGINS no
98 -# Enable logging and display of /var/log/lastlog login(1) time info.
100 -LASTLOG_ENAB yes
103 # Limit the highest user ID number for which the lastlog entries should
104 # be updated.
105 @@ -40,88 +27,13 @@ LASTLOG_ENAB yes
107 #LASTLOG_UID_MAX
110 -# Enable checking and display of mailbox status upon login.
112 -# Disable if the shell startup files already check for mail
113 -# ("mailx -e" or equivalent).
115 -MAIL_CHECK_ENAB yes
118 -# Enable additional checks upon password changes.
120 -OBSCURE_CHECKS_ENAB yes
123 -# Enable checking of time restrictions specified in /etc/porttime.
125 -PORTTIME_CHECKS_ENAB yes
128 -# Enable setting of ulimit, umask, and niceness from passwd(5) gecos field.
130 -QUOTAS_ENAB yes
133 -# Enable "syslog" logging of su(1) activity - in addition to sulog file logging.
134 -# SYSLOG_SG_ENAB does the same for newgrp(1) and sg(1).
136 -SYSLOG_SU_ENAB yes
137 -SYSLOG_SG_ENAB yes
140 -# If defined, either full pathname of a file containing device names or
141 -# a ":" delimited list of device names. Root logins will be allowed only
142 -# from these devices.
144 -CONSOLE /etc/securetty
145 -#CONSOLE console:tty01:tty02:tty03:tty04
148 -# If defined, all su(1) activity is logged to this file.
150 -#SULOG_FILE /var/log/sulog
153 # If defined, ":" delimited list of "message of the day" files to
154 # be displayed upon login.
156 -MOTD_FILE /etc/motd
157 +MOTD_FILE
158 #MOTD_FILE /etc/motd:/usr/lib/news/news-motd
161 -# If defined, this file will be output before each login(1) prompt.
163 -#ISSUE_FILE /etc/issue
166 -# If defined, file which maps tty line to TERM environment parameter.
167 -# Each line of the file is in a format similar to "vt100 tty01".
169 -#TTYTYPE_FILE /etc/ttytype
172 -# If defined, login(1) failures will be logged here in a utmp format.
173 -# last(1), when invoked as lastb(1), will read /var/log/btmp, so...
175 -FTMP_FILE /var/log/btmp
178 -# If defined, name of file whose presence will inhibit non-root
179 -# logins. The content of this file should be a message indicating
180 -# why logins are inhibited.
182 -NOLOGINS_FILE /etc/nologin
185 -# If defined, the command name to display when running "su -". For
186 -# example, if this is defined as "su" then ps(1) will display the
187 -# command as "-su". If not defined, then ps(1) will display the
188 -# name of the shell actually being run, e.g. something like "-sh".
190 -SU_NAME su
193 # *REQUIRED*
194 # Directory where mailboxes reside, _or_ name of file, relative to the
195 @@ -139,21 +51,6 @@ MAIL_DIR /var/spool/mail
196 HUSHLOGIN_FILE .hushlogin
197 #HUSHLOGIN_FILE /etc/hushlogins
200 -# If defined, either a TZ environment parameter spec or the
201 -# fully-rooted pathname of a file containing such a spec.
203 -#ENV_TZ TZ=CST6CDT
204 -#ENV_TZ /etc/tzname
207 -# If defined, an HZ environment parameter spec.
209 -# for Linux/x86
210 -ENV_HZ HZ=100
211 -# For Linux/Alpha...
212 -#ENV_HZ HZ=1024
215 # *REQUIRED* The default PATH settings, for superuser and normal users.
217 @@ -175,23 +72,6 @@ ENV_PATH PATH=/bin:/usr/bin
218 TTYGROUP tty
219 TTYPERM 0600
222 -# Login configuration initializations:
224 -# ERASECHAR Terminal ERASE character ('\010' = backspace).
225 -# KILLCHAR Terminal KILL character ('\025' = CTRL/U).
226 -# ULIMIT Default "ulimit" value.
228 -# The ERASECHAR and KILLCHAR are used only on System V machines.
229 -# The ULIMIT is used only if the system supports it.
230 -# (now it works with setrlimit too; ulimit is in 512-byte units)
232 -# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
234 -ERASECHAR 0177
235 -KILLCHAR 025
236 -#ULIMIT 2097152
238 # Default initial "umask" value used by login(1) on non-PAM enabled systems.
239 # Default "umask" value for pam_umask(8) on PAM enabled systems.
240 # UMASK is also used by useradd(8) and newusers(8) to set the mode for new
241 @@ -211,27 +91,12 @@ UMASK 022
243 # PASS_MAX_DAYS Maximum number of days a password may be used.
244 # PASS_MIN_DAYS Minimum number of days allowed between password changes.
245 -# PASS_MIN_LEN Minimum acceptable password length.
246 # PASS_WARN_AGE Number of days warning given before a password expires.
248 PASS_MAX_DAYS 99999
249 PASS_MIN_DAYS 0
250 -PASS_MIN_LEN 5
251 PASS_WARN_AGE 7
254 -# If "yes", the user must be listed as a member of the first gid 0 group
255 -# in /etc/group (called "root" on most Linux systems) to be able to "su"
256 -# to uid 0 accounts. If the group doesn't exist or is empty, no one
257 -# will be able to "su" to uid 0.
259 -SU_WHEEL_ONLY no
262 -# If compiled with cracklib support, sets the path to the dictionaries
264 -CRACKLIB_DICTPATH /var/cache/cracklib/cracklib_dict
267 # Min/max values for automatic uid selection in useradd(8)
269 @@ -268,28 +133,6 @@ LOGIN_RETRIES 5
271 LOGIN_TIMEOUT 60
274 -# Maximum number of attempts to change password if rejected (too easy)
276 -PASS_CHANGE_TRIES 5
279 -# Warn about weak passwords (but still allow them) if you are root.
281 -PASS_ALWAYS_WARN yes
284 -# Number of significant characters in the password for crypt().
285 -# Default is 8, don't change unless your crypt() is better.
286 -# Ignored if MD5_CRYPT_ENAB set to "yes".
288 -#PASS_MAX_LEN 8
291 -# Require password before chfn(1)/chsh(1) can make any changes.
293 -CHFN_AUTH yes
296 # Which fields may be changed by regular users using chfn(1) - use
297 # any combination of letters "frwh" (full name, room number, work
298 @@ -298,38 +141,14 @@ CHFN_AUTH yes
300 CHFN_RESTRICT rwh
303 -# Password prompt (%s will be replaced by user name).
305 -# XXX - it doesn't work correctly yet, for now leave it commented out
306 -# to use the default which is just "Password: ".
307 -#LOGIN_STRING "%s's Password: "
310 -# Only works if compiled with MD5_CRYPT defined:
311 -# If set to "yes", new passwords will be encrypted using the MD5-based
312 -# algorithm compatible with the one used by recent releases of FreeBSD.
313 -# It supports passwords of unlimited length and longer salt strings.
314 -# Set to "no" if you need to copy encrypted passwords to other systems
315 -# which don't understand the new algorithm. Default is "no".
317 -# Note: If you use PAM, it is recommended to use a value consistent with
318 -# the PAM modules configuration.
320 -# This variable is deprecated. You should use ENCRYPT_METHOD instead.
322 -#MD5_CRYPT_ENAB no
325 # Only works if compiled with ENCRYPTMETHOD_SELECT defined:
326 -# If set to MD5, MD5-based algorithm will be used for encrypting password
327 # If set to SHA256, SHA256-based algorithm will be used for encrypting password
328 # If set to SHA512, SHA512-based algorithm will be used for encrypting password
329 # If set to BCRYPT, BCRYPT-based algorithm will be used for encrypting password
330 # If set to YESCRYPT, YESCRYPT-based algorithm will be used for encrypting password
331 # If set to DES, DES-based algorithm will be used for encrypting password (default)
332 # MD5 and DES should not be used for new hashes, see crypt(5) for recommendations.
333 -# Overrides the MD5_CRYPT_ENAB option
335 # Note: If you use PAM, it is recommended to use a value consistent with
336 # the PAM modules configuration.
337 @@ -381,17 +200,6 @@ CHFN_RESTRICT rwh
339 #YESCRYPT_COST_FACTOR 5
342 -# List of groups to add to the user's supplementary group set
343 -# when logging in from the console (as determined by the CONSOLE
344 -# setting). Default is none.
346 -# Use with caution - it is possible for users to gain permanent
347 -# access to these groups, even when not logged in from the console.
348 -# How to do it is left as an exercise for the reader...
350 -#CONSOLE_GROUPS floppy:audio:cdrom
353 # Should login be allowed if we can't cd to the home directory?
354 # Default is no.
355 @@ -406,12 +214,6 @@ DEFAULT_HOME yes
357 NONEXISTENT /nonexistent
360 -# If this file exists and is readable, login environment will be
361 -# read from it. Every line should be in the form name=value.
363 -ENVIRON_FILE /etc/environment
366 # If defined, this command is run when removing a user.
367 # It should remove any at/cron/print jobs etc. owned by
368 @@ -459,14 +261,6 @@ USERGROUPS_ENAB yes
370 #GRANT_AUX_GROUP_SUBIDS yes
373 -# Prevents an empty password field to be interpreted as "no authentication
374 -# required".
375 -# Set to "yes" to prevent for all accounts
376 -# Set to "superuser" to prevent for UID 0 / root (default)
377 -# Set to "no" to not prevent for any account (dangerous, historical default)
378 -PREVENT_NO_AUTH superuser
381 # Select the HMAC cryptography algorithm.
382 # Used in pam_timestamp module to calculate the keyed-hash message
383 diff --git a/man/login.defs.5.xml b/man/login.defs.5.xml
384 index ab62fa86..d82c47f1 100644
385 --- a/man/login.defs.5.xml
386 +++ b/man/login.defs.5.xml
387 @@ -7,69 +7,38 @@
389 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN"
390 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
391 -<!ENTITY CHFN_AUTH SYSTEM "login.defs.d/CHFN_AUTH.xml">
392 <!ENTITY CHFN_RESTRICT SYSTEM "login.defs.d/CHFN_RESTRICT.xml">
393 -<!ENTITY CHSH_AUTH SYSTEM "login.defs.d/CHSH_AUTH.xml">
394 -<!ENTITY CONSOLE SYSTEM "login.defs.d/CONSOLE.xml">
395 -<!ENTITY CONSOLE_GROUPS SYSTEM "login.defs.d/CONSOLE_GROUPS.xml">
396 <!ENTITY CREATE_HOME SYSTEM "login.defs.d/CREATE_HOME.xml">
397 <!ENTITY DEFAULT_HOME SYSTEM "login.defs.d/DEFAULT_HOME.xml">
398 <!ENTITY ENCRYPT_METHOD SYSTEM "login.defs.d/ENCRYPT_METHOD.xml">
399 -<!ENTITY ENV_HZ SYSTEM "login.defs.d/ENV_HZ.xml">
400 <!ENTITY ENV_PATH SYSTEM "login.defs.d/ENV_PATH.xml">
401 <!ENTITY ENV_SUPATH SYSTEM "login.defs.d/ENV_SUPATH.xml">
402 -<!ENTITY ENV_TZ SYSTEM "login.defs.d/ENV_TZ.xml">
403 -<!ENTITY ENVIRON_FILE SYSTEM "login.defs.d/ENVIRON_FILE.xml">
404 -<!ENTITY ERASECHAR SYSTEM "login.defs.d/ERASECHAR.xml">
405 <!ENTITY FAIL_DELAY SYSTEM "login.defs.d/FAIL_DELAY.xml">
406 -<!ENTITY FAILLOG_ENAB SYSTEM "login.defs.d/FAILLOG_ENAB.xml">
407 -<!ENTITY FAKE_SHELL SYSTEM "login.defs.d/FAKE_SHELL.xml">
408 -<!ENTITY FTMP_FILE SYSTEM "login.defs.d/FTMP_FILE.xml">
409 <!ENTITY GID_MAX SYSTEM "login.defs.d/GID_MAX.xml">
410 <!ENTITY HMAC_CRYPTO_ALGO SYSTEM "login.defs.d/HMAC_CRYPTO_ALGO.xml">
411 <!ENTITY HOME_MODE SYSTEM "login.defs.d/HOME_MODE.xml">
412 <!ENTITY HUSHLOGIN_FILE SYSTEM "login.defs.d/HUSHLOGIN_FILE.xml">
413 -<!ENTITY ISSUE_FILE SYSTEM "login.defs.d/ISSUE_FILE.xml">
414 -<!ENTITY KILLCHAR SYSTEM "login.defs.d/KILLCHAR.xml">
415 -<!ENTITY LASTLOG_ENAB SYSTEM "login.defs.d/LASTLOG_ENAB.xml">
416 <!ENTITY LASTLOG_UID_MAX SYSTEM "login.defs.d/LASTLOG_UID_MAX.xml">
417 -<!ENTITY LOG_OK_LOGINS SYSTEM "login.defs.d/LOG_OK_LOGINS.xml">
418 <!ENTITY LOG_UNKFAIL_ENAB SYSTEM "login.defs.d/LOG_UNKFAIL_ENAB.xml">
419 <!ENTITY LOGIN_RETRIES SYSTEM "login.defs.d/LOGIN_RETRIES.xml">
420 -<!ENTITY LOGIN_STRING SYSTEM "login.defs.d/LOGIN_STRING.xml">
421 <!ENTITY LOGIN_TIMEOUT SYSTEM "login.defs.d/LOGIN_TIMEOUT.xml">
422 -<!ENTITY MAIL_CHECK_ENAB SYSTEM "login.defs.d/MAIL_CHECK_ENAB.xml">
423 <!ENTITY MAIL_DIR SYSTEM "login.defs.d/MAIL_DIR.xml">
424 <!ENTITY MAX_MEMBERS_PER_GROUP SYSTEM "login.defs.d/MAX_MEMBERS_PER_GROUP.xml">
425 -<!ENTITY MD5_CRYPT_ENAB SYSTEM "login.defs.d/MD5_CRYPT_ENAB.xml">
426 <!ENTITY MOTD_FILE SYSTEM "login.defs.d/MOTD_FILE.xml">
427 -<!ENTITY NOLOGINS_FILE SYSTEM "login.defs.d/NOLOGINS_FILE.xml">
428 <!ENTITY NONEXISTENT SYSTEM "login.defs.d/NONEXISTENT.xml">
429 -<!ENTITY OBSCURE_CHECKS_ENAB SYSTEM "login.defs.d/OBSCURE_CHECKS_ENAB.xml">
430 -<!ENTITY PASS_ALWAYS_WARN SYSTEM "login.defs.d/PASS_ALWAYS_WARN.xml">
431 -<!ENTITY PASS_CHANGE_TRIES SYSTEM "login.defs.d/PASS_CHANGE_TRIES.xml">
432 -<!ENTITY PASS_MAX_LEN SYSTEM "login.defs.d/PASS_MAX_LEN.xml">
433 <!ENTITY PASS_MAX_DAYS SYSTEM "login.defs.d/PASS_MAX_DAYS.xml">
434 <!ENTITY PASS_MIN_DAYS SYSTEM "login.defs.d/PASS_MIN_DAYS.xml">
435 <!ENTITY PASS_WARN_AGE SYSTEM "login.defs.d/PASS_WARN_AGE.xml">
436 -<!ENTITY PORTTIME_CHECKS_ENAB SYSTEM "login.defs.d/PORTTIME_CHECKS_ENAB.xml">
437 -<!ENTITY QUOTAS_ENAB SYSTEM "login.defs.d/QUOTAS_ENAB.xml">
438 <!ENTITY SHA_CRYPT_MIN_ROUNDS SYSTEM "login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml">
439 -<!ENTITY SULOG_FILE SYSTEM "login.defs.d/SULOG_FILE.xml">
440 -<!ENTITY SU_NAME SYSTEM "login.defs.d/SU_NAME.xml">
441 -<!ENTITY SU_WHEEL_ONLY SYSTEM "login.defs.d/SU_WHEEL_ONLY.xml">
442 <!ENTITY SUB_GID_COUNT SYSTEM "login.defs.d/SUB_GID_COUNT.xml">
443 <!ENTITY SUB_UID_COUNT SYSTEM "login.defs.d/SUB_UID_COUNT.xml">
444 <!ENTITY SYS_GID_MAX SYSTEM "login.defs.d/SYS_GID_MAX.xml">
445 <!ENTITY SYSLOG_SG_ENAB SYSTEM "login.defs.d/SYSLOG_SG_ENAB.xml">
446 -<!ENTITY SYSLOG_SU_ENAB SYSTEM "login.defs.d/SYSLOG_SU_ENAB.xml">
447 <!ENTITY SYS_UID_MAX SYSTEM "login.defs.d/SYS_UID_MAX.xml">
448 <!ENTITY TCB_AUTH_GROUP SYSTEM "login.defs.d/TCB_AUTH_GROUP.xml">
449 <!ENTITY TCB_SYMLINKS SYSTEM "login.defs.d/TCB_SYMLINKS.xml">
450 <!ENTITY TTYGROUP SYSTEM "login.defs.d/TTYGROUP.xml">
451 -<!ENTITY TTYTYPE_FILE SYSTEM "login.defs.d/TTYTYPE_FILE.xml">
452 <!ENTITY UID_MAX SYSTEM "login.defs.d/UID_MAX.xml">
453 -<!ENTITY ULIMIT SYSTEM "login.defs.d/ULIMIT.xml">
454 <!ENTITY UMASK SYSTEM "login.defs.d/UMASK.xml">
455 <!ENTITY USERDEL_CMD SYSTEM "login.defs.d/USERDEL_CMD.xml">
456 <!ENTITY USERGROUPS_ENAB SYSTEM "login.defs.d/USERGROUPS_ENAB.xml">
457 @@ -145,47 +114,25 @@
458 <para>The following configuration items are provided:</para>
460 <variablelist remap='IP'>
461 - &CHFN_AUTH;
462 &CHFN_RESTRICT;
463 - &CHSH_AUTH;
464 - &CONSOLE;
465 - &CONSOLE_GROUPS;
466 &CREATE_HOME;
467 &DEFAULT_HOME;
468 &ENCRYPT_METHOD;
469 - &ENV_HZ;
470 &ENV_PATH;
471 &ENV_SUPATH;
472 - &ENV_TZ;
473 - &ENVIRON_FILE;
474 - &ERASECHAR;
475 &FAIL_DELAY;
476 - &FAILLOG_ENAB;
477 - &FAKE_SHELL;
478 - &FTMP_FILE;
479 &GID_MAX; <!-- documents also GID_MIN -->
480 &HMAC_CRYPTO_ALGO;
481 &HOME_MODE;
482 &HUSHLOGIN_FILE;
483 - &ISSUE_FILE;
484 - &KILLCHAR;
485 - &LASTLOG_ENAB;
486 &LASTLOG_UID_MAX;
487 - &LOG_OK_LOGINS;
488 &LOG_UNKFAIL_ENAB;
489 &LOGIN_RETRIES;
490 - &LOGIN_STRING;
491 &LOGIN_TIMEOUT;
492 - &MAIL_CHECK_ENAB;
493 &MAIL_DIR;
494 &MAX_MEMBERS_PER_GROUP;
495 - &MD5_CRYPT_ENAB;
496 &MOTD_FILE;
497 - &NOLOGINS_FILE;
498 &NONEXISTENT;
499 - &OBSCURE_CHECKS_ENAB;
500 - &PASS_ALWAYS_WARN;
501 - &PASS_CHANGE_TRIES;
502 &PASS_MAX_DAYS;
503 &PASS_MIN_DAYS;
504 &PASS_WARN_AGE;
505 @@ -195,25 +142,16 @@
506 time of account creation. Any changes to these settings won't affect
507 existing accounts.
508 </para>
509 - &PASS_MAX_LEN; <!-- documents also PASS_MIN_LEN -->
510 - &PORTTIME_CHECKS_ENAB;
511 - &QUOTAS_ENAB;
512 &SHA_CRYPT_MIN_ROUNDS; <!-- documents also SHA_CRYPT_MAX_ROUNDS -->
513 - &SULOG_FILE;
514 - &SU_NAME;
515 - &SU_WHEEL_ONLY;
516 &SUB_GID_COUNT; <!-- documents also SUB_GID_MIN SUB_GID_MAX -->
517 &SUB_UID_COUNT; <!-- documents also SUB_UID_MIN SUB_UID_MAX -->
518 &SYS_GID_MAX; <!-- documents also SYS_GID_MIN -->
519 &SYS_UID_MAX; <!-- documents also SYS_UID_MIN -->
520 &SYSLOG_SG_ENAB;
521 - &SYSLOG_SU_ENAB;
522 &TCB_AUTH_GROUP;
523 &TCB_SYMLINKS;
524 &TTYGROUP;
525 - &TTYTYPE_FILE;
526 &UID_MAX; <!-- documents also UID_MIN -->
527 - &ULIMIT;
528 &UMASK;
529 &USERDEL_CMD;
530 &USERGROUPS_ENAB;
531 @@ -239,9 +177,7 @@
532 <term>chfn</term>
533 <listitem>
534 <para>
535 - <phrase condition="no_pam">CHFN_AUTH</phrase>
536 CHFN_RESTRICT
537 - <phrase condition="no_pam">LOGIN_STRING</phrase>
538 </para>
539 </listitem>
540 </varlistentry>
541 @@ -249,7 +185,7 @@
542 <term>chgpasswd</term>
543 <listitem>
544 <para>
545 - ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB
546 + ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP
547 <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
548 SHA_CRYPT_MIN_ROUNDS</phrase>
549 </para>
550 @@ -259,8 +195,6 @@
551 <term>chpasswd</term>
552 <listitem>
553 <para>
554 - <phrase condition="no_pam">ENCRYPT_METHOD
555 - MD5_CRYPT_ENAB </phrase>
556 <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
557 SHA_CRYPT_MIN_ROUNDS</phrase>
558 </para>
559 @@ -270,7 +204,7 @@
560 <term>chsh</term>
561 <listitem>
562 <para>
563 - CHSH_AUTH LOGIN_STRING
564 + CHSH_AUTH
565 </para>
566 </listitem>
567 </varlistentry>
568 @@ -280,7 +214,7 @@
569 <term>gpasswd</term>
570 <listitem>
571 <para>
572 - ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB
573 + ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP
574 <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
575 SHA_CRYPT_MIN_ROUNDS</phrase>
576 </para>
577 @@ -339,35 +273,6 @@
578 <para>LASTLOG_UID_MAX</para>
579 </listitem>
580 </varlistentry>
581 - <varlistentry>
582 - <term>login</term>
583 - <listitem>
584 - <para>
585 - <phrase condition="no_pam">CONSOLE</phrase>
586 - CONSOLE_GROUPS DEFAULT_HOME
587 - <phrase condition="no_pam">ENV_HZ ENV_PATH ENV_SUPATH
588 - ENV_TZ ENVIRON_FILE</phrase>
589 - ERASECHAR FAIL_DELAY
590 - <phrase condition="no_pam">FAILLOG_ENAB</phrase>
591 - FAKE_SHELL
592 - <phrase condition="no_pam">FTMP_FILE</phrase>
593 - HUSHLOGIN_FILE
594 - <phrase condition="no_pam">ISSUE_FILE</phrase>
595 - KILLCHAR
596 - <phrase condition="no_pam">LASTLOG_ENAB LASTLOG_UID_MAX</phrase>
597 - LOGIN_RETRIES
598 - <phrase condition="no_pam">LOGIN_STRING</phrase>
599 - LOGIN_TIMEOUT LOG_OK_LOGINS LOG_UNKFAIL_ENAB
600 - <phrase condition="no_pam">MAIL_CHECK_ENAB MAIL_DIR MAIL_FILE
601 - MOTD_FILE NOLOGINS_FILE PORTTIME_CHECKS_ENAB
602 - QUOTAS_ENAB</phrase>
603 - TTYGROUP TTYPERM TTYTYPE_FILE
604 - <phrase condition="no_pam">ULIMIT UMASK</phrase>
605 - USERGROUPS_ENAB
606 - </para>
607 - </listitem>
608 - </varlistentry>
609 - <!-- logoutd: no variables -->
610 <varlistentry>
611 <term>newgrp / sg</term>
612 <listitem>
613 @@ -382,7 +287,7 @@
614 <para>
615 ENCRYPT_METHOD
616 GID_MAX GID_MIN
617 - MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB
618 + MAX_MEMBERS_PER_GROUP
619 HOME_MODE
620 PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE
621 <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
622 @@ -399,8 +304,7 @@
623 <term>passwd</term>
624 <listitem>
625 <para>
626 - ENCRYPT_METHOD MD5_CRYPT_ENAB OBSCURE_CHECKS_ENAB
627 - PASS_ALWAYS_WARN PASS_CHANGE_TRIES PASS_MAX_LEN PASS_MIN_LEN
628 + ENCRYPT_METHOD
629 <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
630 SHA_CRYPT_MIN_ROUNDS</phrase>
631 </para>
632 @@ -432,32 +336,6 @@
633 </para>
634 </listitem>
635 </varlistentry>
636 - <varlistentry>
637 - <term>su</term>
638 - <listitem>
639 - <para>
640 - <phrase condition="no_pam">CONSOLE</phrase>
641 - CONSOLE_GROUPS DEFAULT_HOME
642 - <phrase condition="no_pam">ENV_HZ ENVIRON_FILE</phrase>
643 - ENV_PATH ENV_SUPATH
644 - <phrase condition="no_pam">ENV_TZ LOGIN_STRING MAIL_CHECK_ENAB
645 - MAIL_DIR MAIL_FILE QUOTAS_ENAB</phrase>
646 - SULOG_FILE SU_NAME
647 - <phrase condition="no_pam">SU_WHEEL_ONLY</phrase>
648 - SYSLOG_SU_ENAB
649 - <phrase condition="no_pam">USERGROUPS_ENAB</phrase>
650 - </para>
651 - </listitem>
652 - </varlistentry>
653 - <varlistentry>
654 - <term>sulogin</term>
655 - <listitem>
656 - <para>
657 - ENV_HZ
658 - <phrase condition="no_pam">ENV_TZ</phrase>
659 - </para>
660 - </listitem>
661 - </varlistentry>
662 <varlistentry>
663 <term>useradd</term>
664 <listitem>
665 @@ -486,24 +364,6 @@
666 </para>
667 </listitem>
668 </varlistentry>
669 - <varlistentry>
670 - <term>usermod</term>
671 - <listitem>
672 - <para>
673 - LASTLOG_UID_MAX
674 - MAIL_DIR MAIL_FILE MAX_MEMBERS_PER_GROUP
675 - <phrase condition="tcb">TCB_SYMLINKS USE_TCB</phrase>
676 - </para>
677 - </listitem>
678 - </varlistentry>
679 - <varlistentry condition="tcb">
680 - <term>vipw</term>
681 - <listitem>
682 - <para>
683 - <phrase condition="tcb">USE_TCB</phrase>
684 - </para>
685 - </listitem>
686 - </varlistentry>
687 </variablelist>
688 </refsect1>
691 2.39.0